Carlos Alexandro Becker
5cc7ebb73d
ci: update actions
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-05-02 13:23:47 -03:00
dependabot[bot]
702f5f91c9
ci(deps): bump the actions group with 3 updates ( #560 )
...
Bumps the actions group with 3 updates: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/setup-node](https://github.com/actions/setup-node ).
Updates `sigstore/cosign-installer` from 3.9.2 to 4.1.1
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d58896d6a1...cad07c2e89https://github.com/actions/upload-artifact/releases )
- [Commits](bbbca2ddaa...043fb46d1ahttps://github.com/actions/setup-node/releases )
- [Commits](a0853c2454...48b55a011b
2026-05-02 12:25:51 -03:00
Carlos Alexandro Becker
1a80836c5c
ci(nightly): pass GITHUB_TOKEN to nightly integration job
...
Releases API is rate-limited for unauthenticated requests.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-26 18:04:06 -03:00
Carlos Alexandro Becker
a71152e827
refactor: drop legacy 'nightly' tag fallback
...
Both goreleaser and goreleaser-pro now publish nightly releases as
vX.Y.Z-<sha>-nightly, so the action no longer needs to special-case
or fall back to the moving 'nightly' tag.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-26 18:02:55 -03:00
Carlos Alexandro Becker
4c6ab561ad
feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release ( #558 )
...
* feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release
Query GitHub releases API to resolve the 'nightly' version input to the
latest immutable nightly tag, replacing the moving 'nightly' tag that is
being removed for supply-chain hardening.
Refs goreleaser/goreleaser#6550
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: keep legacy 'nightly' tag working during transition
Fall back to the moving 'nightly' tag when no immutable
vX.Y.Z-<sha>-nightly release is found, so the action keeps working
between this release and the goreleaser nightly switchover.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* test: assert isNightlyTag accepts legacy fallback
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: accept nightly tags without 'v' prefix
goreleaser-pro publishes nightly releases as e.g. 2.16.0-eaeb08c50-nightly
(no 'v' prefix). Make the nightly tag regex tolerate either form, and
split the integration tests so OSS asserts the legacy fallback while
Pro asserts the new <version>-<sha>-nightly format.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* Revert "fix: accept nightly tags without 'v' prefix"
The missing 'v' prefix on the goreleaser-pro nightly was a release
mistake; new nightlies will keep the 'v' prefix.
This reverts commit 7673f7f
2026-04-26 16:39:25 -03:00
Carlos Alexandro Becker
4f96abf297
feat: add version-file input ( #556 )
...
Resolves the GoReleaser version from a file. Currently supports the
asdf/mise `.tool-versions` format; resolved value takes precedence
over the `version` input.
# .tool-versions
goreleaser 2.13.0
- uses: goreleaser/goreleaser-action@v7
with:
version-file: .tool-versions
args: release --clean
Path is resolved relative to `workdir` unless absolute. Bare semvers
are auto-prefixed with `v`; constraint expressions and `latest` are
returned as-is. Multiple fallback versions per asdf convention are
accepted but only the first is used.
Refs #541
Closes #542
Co-authored-by: Anthony Couvreur <22034450+acouvreur@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-23 23:05:24 -03:00
Carlos Alexandro Becker
15fa2a96d4
test: cover install across release eras ( #555 )
...
Add install tests pinned to versions that exercise every release era so
we don't regress the graceful-skip path for releases that pre-date the
cosign v3 sigstore bundle:
- v0.182.0 pre-checksums-signing
- v1.26.2 cosign v2 detached .sig only
- v2.12.4 last release before sigstore bundles
- v2.13.0 first release with sigstore bundle (minimum verifiable)
- v2.15.3 recent release with sigstore bundle
Plus an explicit verifyChecksum integration test that installs v2.12.4
with cosign in PATH to confirm the cosign step is skipped (not failed)
when the sigstore bundle is absent.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 15:55:31 -03:00
Carlos Alexandro Becker
e24998b8b6
ci: drop pre-cosign-v3 goreleaser versions from tests ( #554 )
...
GoReleaser v2.13.0 was the first release to ship the cosign v3
sigstore-bundle 'checksums.txt.sigstore.json' alongside the archive.
Earlier releases only publish a cosign v2 detached '.sig', which the
action's verifier does not understand and silently skips.
Drop '~> 1.26' / '~> 2.6' / 'v0.182.0' / '~> v1' from the matrix and
the install tests; pin '~> 2.13' as the minimum-supported version we
actively exercise in CI. Document v2.13.0 as the minimum cosign-
verifiable version in the README.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 15:39:15 -03:00
Carlos Alexandro Becker
be2e8a39ba
docs: document cosign verification in README ( #553 )
...
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 15:24:42 -03:00
Carlos Alexandro Becker
5e53f8eea2
ci: add release-major-tag workflow ( #552 )
...
* build: drop docker-bake in favor of plain npm
Every TypeScript action maintained by actions/* (checkout, setup-node,
setup-go, cache, upload-artifact) uses plain npm scripts. The bake
setup is a docker/* org convention and adds friction for TS work:
contributors need Docker, the dev loop is ~10x slower than npm, and
Alpine-vs-host byte drift in dist/index.js makes PRs bounce.
Replace with the standard pattern:
- .node-version pins Node 24 so contributors and CI agree
- npm scripts (build, lint, format, test, pre-checkin) replace bake
targets one-for-one
- validate.yml runs lint + a check-dist diff (mirrors actions/setup-node)
and a vendor check that npm install --package-lock-only is a no-op
- test.yml uses setup-node + sigstore/cosign-installer, drops bake-action
- dependabot-build.yml regenerates dist via npm instead of bake
CONTRIBUTING.md and README development section updated to match.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* build: align scripts and workflows with actions/* convention
Match the standard layout used by actions/checkout, actions/setup-node,
etc.:
- package.json scripts: split format/format-check (Prettier) from
lint/lint:fix (ESLint), and have pre-checkin run all four (format,
lint:fix, build, test) in that order.
- validate.yml lint job runs format-check + lint as separate steps.
- test.yml drops the redundant --coverage flag (now in the test script).
- Drop dependabot-build.yml: actions/* don't auto-rebuild dist on
dependabot PRs; the check-dist style validate / build job catches
drift and a maintainer rebuilds locally if needed.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* ci: add release-major-tag workflow
Adopts the actions/checkout pattern (workflow_dispatch with target +
major_version inputs that force-pushes the major tag). Doubles as a
rollback tool. Documented in CONTRIBUTING under a 'Releasing' section.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* ci: drop irrelevant pin comment from release-major-tag
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 15:23:21 -03:00
Carlos Alexandro Becker
4068afa2f0
build: drop docker-bake in favor of plain npm ( #551 )
...
* build: drop docker-bake in favor of plain npm
Every TypeScript action maintained by actions/* (checkout, setup-node,
setup-go, cache, upload-artifact) uses plain npm scripts. The bake
setup is a docker/* org convention and adds friction for TS work:
contributors need Docker, the dev loop is ~10x slower than npm, and
Alpine-vs-host byte drift in dist/index.js makes PRs bounce.
Replace with the standard pattern:
- .node-version pins Node 24 so contributors and CI agree
- npm scripts (build, lint, format, test, pre-checkin) replace bake
targets one-for-one
- validate.yml runs lint + a check-dist diff (mirrors actions/setup-node)
and a vendor check that npm install --package-lock-only is a no-op
- test.yml uses setup-node + sigstore/cosign-installer, drops bake-action
- dependabot-build.yml regenerates dist via npm instead of bake
CONTRIBUTING.md and README development section updated to match.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* build: align scripts and workflows with actions/* convention
Match the standard layout used by actions/checkout, actions/setup-node,
etc.:
- package.json scripts: split format/format-check (Prettier) from
lint/lint:fix (ESLint), and have pre-checkin run all four (format,
lint:fix, build, test) in that order.
- validate.yml lint job runs format-check + lint as separate steps.
- test.yml drops the redundant --coverage flag (now in the test script).
- Drop dependabot-build.yml: actions/* don't auto-rebuild dist on
dependabot PRs; the check-dist style validate / build job catches
drift and a maintainer rebuilds locally if needed.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 15:22:23 -03:00
Carlos Alexandro Becker
213ec80f56
docs: add CONTRIBUTING with pre-commit workflow
...
Document the docker buildx bake pre-checkin / test / validate sequence
contributors need before pushing, and call out the Alpine-built dist/
gotcha so PRs don't bounce on build-validate.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 14:36:59 -03:00
Carlos Alexandro Becker
4b462d3d1d
feat: verify release checksum and cosign signature ( #550 )
...
* feat: verify release checksum and cosign signature
Download checksums.txt for the release and verify the SHA-256 of the
downloaded archive against it. When cosign is available in PATH, also
download checksums.txt.sigstore.json and verify the signature against
the goreleaser/goreleaser-pro release workflow identity. Both steps
degrade gracefully (with a warning) when the corresponding artifacts
or tooling are missing.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* test: use install() for checksum e2e tests
Drop the http-client download helper from verifyChecksum integration
tests; call goreleaser.install() instead so the test exercises the
public API path and avoids duplicating download logic.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-18 14:34:46 -03:00
Timo
01cbe076be
docs: Upgrade import GPG action version ( #547 )
2026-04-05 12:19:35 +00:00
dependabot[bot]
2a473d70e3
ci(deps): bump the actions group with 5 updates ( #546 )
...
* ci(deps): bump the actions group with 5 updates
Bumps the actions group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go ) | `6.3.0` | `6.4.0` |
| [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg ) | `6.3.0` | `7.0.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.12.0` | `4.0.0` |
| [docker/bake-action](https://github.com/docker/bake-action ) | `6.10.0` | `7.0.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `5.5.2` | `6.0.0` |
Updates `actions/setup-go` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4b73464bb3...4a3601121dhttps://github.com/crazy-max/ghaction-import-gpg/releases )
- [Commits](e89d40939c...2dc316deeehttps://github.com/docker/setup-buildx-action/releases )
- [Commits](8d2750c68a...4d04d5d948https://github.com/docker/bake-action/releases )
- [Commits](5be5f02ff8...82490499d2https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](671740ac38...57e3a136b7
2026-04-03 10:21:16 -03:00
Carlos Alexandro Becker
fdcf0b9df9
clean: leftover files from node 22(?)
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-03-22 23:46:39 -03:00
Carlos Alexandro Becker
9881cc5376
fix: use new static URL
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-03-22 23:43:18 -03:00
Carlos Alexandro Becker
07f3f34e99
chore: update
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-03-22 23:20:07 -03:00
dependabot[bot]
47f0a77cfc
chore(deps): bump undici from 6.23.0 to 6.24.1 ( #545 )
...
Bumps [undici](https://github.com/nodejs/undici ) from 6.23.0 to 6.24.1.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.1 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 6.24.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-22 22:55:17 -03:00
dependabot[bot]
4be059cded
ci(deps): bump the actions group with 2 updates ( #543 )
...
Bumps the actions group with 2 updates: [actions/setup-go](https://github.com/actions/setup-go ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/setup-go` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](7a3fe6cf4c...4b73464bb3https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaa
2026-03-01 13:54:09 -03:00
Carlos Alexandro Becker
6c92f1d350
fix: bake vendor
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-02-22 20:54:03 -03:00
Carlos Alexandro Becker
ff4cb9c029
docs: update
2026-02-22 00:08:30 -03:00
Carlos Alexandro Becker
ec59f474b9
fix: yargs usage
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-02-09 09:21:42 -03:00
Carlos Alexandro Becker
752dedee3d
fix: gitignore
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-02-09 09:06:51 -03:00
Carlos Alexandro Becker
1881ae035d
ci: update dependabot settings
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-02-09 09:06:19 -03:00
Carlos Alexandro Becker
fdc5e662bb
chore: gitignore provenance.json
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-02-09 09:01:59 -03:00
dependabot[bot]
51b5b35c3c
chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group ( #539 )
...
* chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group
Bumps the npm group with 1 update: [semver](https://github.com/npm/node-semver ).
Updates `semver` from 7.7.3 to 7.7.4
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.7.3...v7.7.4 )
---
updated-dependencies:
- dependency-name: semver
dependency-version: 7.7.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update dist and vendor
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-09 09:01:32 -03:00
dependabot[bot]
4247c53b30
ci(deps): bump docker/setup-buildx-action in the actions group ( #538 )
...
Bumps the actions group with 1 update: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ).
Updates `docker/setup-buildx-action` from 3.10.0 to 3.12.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](b5ca514318...8d2750c68a
2026-02-02 08:32:26 -03:00
dependabot[bot]
c169bfd5ae
chore(deps): bump @actions/http-client from 3.0.2 to 4.0.0 in the npm group ( #537 )
...
* chore(deps): bump @actions/http-client in the npm group
Bumps the npm group with 1 update: [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client ).
Updates `@actions/http-client` from 3.0.2 to 4.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/http-client )
---
updated-dependencies:
- dependency-name: "@actions/http-client"
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update dist and vendor
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-02 08:32:10 -03:00
dependabot[bot]
902ab4a70d
chore(deps): bump the npm group across 1 directory with 4 updates ( #536 )
...
* chore(deps): bump the npm group across 1 directory with 4 updates
Bumps the npm group with 3 updates in the / directory: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ), [@actions/exec](https://github.com/actions/toolkit/tree/HEAD/packages/exec ) and [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache ).
Updates `@actions/core` from 2.0.2 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Updates `@actions/exec` from 2.0.0 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/exec/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/exec )
Updates `@actions/http-client` from 3.0.1 to 3.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client )
Updates `@actions/tool-cache` from 3.0.0 to 4.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/tool-cache )
---
updated-dependencies:
- dependency-name: "@actions/core"
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/exec"
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/http-client"
dependency-version: 3.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
- dependency-name: "@actions/tool-cache"
dependency-version: 4.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update dist and vendor
* chore: rm provenance
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
* test: use esm in jest
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
* ci: fix npm run test
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-01-29 21:59:39 -03:00
Carlos Alexandro Becker
c59a691319
chore: gitignore
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-01-29 21:48:08 -03:00
Carlos Alexandro Becker
56cc8b2737
ci: add job to automate dependabot pre-checkin/vendor
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2026-01-29 21:31:47 -03:00
Carlos Alexandro Becker
78265e466a
feat!: node 24, update deps, rm yarn, ESM ( #533 )
...
* chore(deps): bump the npm group across 1 directory with 7 updates
Bumps the npm group with 7 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core ) | `1.11.1` | `2.0.2` |
| [@actions/exec](https://github.com/actions/toolkit/tree/HEAD/packages/exec ) | `1.1.1` | `2.0.0` |
| [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client ) | `2.2.3` | `3.0.1` |
| [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache ) | `2.0.2` | `3.0.0` |
| [js-yaml](https://github.com/nodeca/js-yaml ) | `4.1.0` | `4.1.1` |
| [semver](https://github.com/npm/node-semver ) | `7.7.2` | `7.7.3` |
| [yargs](https://github.com/yargs/yargs ) | `17.7.2` | `18.0.0` |
Updates `@actions/core` from 1.11.1 to 2.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core )
Updates `@actions/exec` from 1.1.1 to 2.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/exec/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/exec )
Updates `@actions/http-client` from 2.2.3 to 3.0.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client )
Updates `@actions/tool-cache` from 2.0.2 to 3.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md )
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache )
Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.0...4.1.1 )
Updates `semver` from 7.7.2 to 7.7.3
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.7.2...v7.7.3 )
Updates `yargs` from 17.7.2 to 18.0.0
- [Release notes](https://github.com/yargs/yargs/releases )
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/yargs/yargs/compare/v17.7.2...v18.0.0 )
---
updated-dependencies:
- dependency-name: "@actions/core"
dependency-version: 2.0.2
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/exec"
dependency-version: 2.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/http-client"
dependency-version: 3.0.1
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: "@actions/tool-cache"
dependency-version: 3.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
- dependency-name: js-yaml
dependency-version: 4.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
- dependency-name: semver
dependency-version: 7.7.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm
- dependency-name: yargs
dependency-version: 18.0.0
dependency-type: direct:production
update-type: version-update:semver-major
dependency-group: npm
...
Signed-off-by: dependabot[bot] <support@github.com>
* refactor: remove yarn, update to node 24
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
* chore: review
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
* fix: stable
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-29 21:22:39 -03:00
dependabot[bot]
4c34bd9582
ci(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions group ( #534 )
...
Bumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e8c483db8...de0fac2e45
2026-01-26 08:38:43 -03:00
dependabot[bot]
aacbb7ffbc
ci(deps): bump the actions group across 1 directory with 4 updates ( #532 )
...
Bumps the actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout ), [actions/setup-go](https://github.com/actions/setup-go ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [codecov/codecov-action](https://github.com/codecov/codecov-action ).
Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1af3b93b68...8e8c483db8https://github.com/actions/setup-go/releases )
- [Commits](4dc6199c7b...7a3fe6cf4chttps://github.com/actions/upload-artifact/releases )
- [Commits](330a01c490...b7c566a772https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](5a1091511a...671740ac38
2026-01-19 14:51:40 -03:00
dependabot[bot]
d31d51ab55
ci(deps): bump docker/bake-action in the actions group ( #526 )
...
Bumps the actions group with 1 update: [docker/bake-action](https://github.com/docker/bake-action ).
Updates `docker/bake-action` from 6.9.0 to 6.10.0
- [Release notes](https://github.com/docker/bake-action/releases )
- [Commits](3acf805d94...5be5f02ff8
2025-12-01 14:36:18 -03:00
dependabot[bot]
f3511a2bf5
ci(deps): bump the actions group with 2 updates ( #523 )
...
Bumps the actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/setup-go](https://github.com/actions/setup-go ).
Updates `actions/checkout` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](08c6903cd8...1af3b93b68https://github.com/actions/setup-go/releases )
- [Commits](4469467582...4dc6199c7b
2025-11-27 08:47:44 -03:00
dependabot[bot]
9cf36111e7
ci(deps): bump the actions group with 2 updates ( #517 )
...
Bumps the actions group with 2 updates: [actions/setup-go](https://github.com/actions/setup-go ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/setup-go` from 5.5.0 to 6.0.0
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582https://github.com/actions/upload-artifact/releases )
- [Commits](ea165f8d65...330a01c490
2025-11-06 18:18:08 -03:00
Carlos Alexandro Becker
43039ef35c
fix: typo
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2025-11-06 18:17:45 -03:00
Carlos Alexandro Becker
89b8235a3e
ci: update dependabot
...
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2025-11-06 17:39:25 -03:00
Carlos Alexandro Becker
aab47043d0
sec: pin github action versions ( #514 )
...
using caarlos0/pinata
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2025-11-05 14:27:48 +01:00
Kévin Dunglas
a08664b80c
docs: upgrade checkout GitHub Action in README.md ( #507 )
2025-08-25 15:09:53 -03:00
dependabot[bot]
35b9a27f96
chore(deps): bump actions/checkout from 4 to 5 ( #504 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-14 10:17:53 -03:00
Carlos Alexandro Becker
e435ccd777
feat: retry downloading releases json ( #503 )
...
refs https://github.com/orgs/goreleaser/discussions/5954
2025-08-06 22:28:41 -03:00
dependabot[bot]
2ff5850a92
chore(deps): bump undici from 5.28.5 to 5.29.0 ( #496 )
...
* chore(deps): bump undici from 5.28.5 to 5.29.0
Bumps [undici](https://github.com/nodejs/undici ) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases )
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0 )
---
updated-dependencies:
- dependency-name: undici
dependency-version: 5.29.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update generated content
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-08-02 10:31:15 +02:00
Carlos Alexandro Becker
9a6cd01b33
fix: do not get releases.json if version is specific ( #502 )
...
closes #489
2025-08-02 10:24:12 +02:00
dependabot[bot]
a386515f0c
chore(deps): bump brace-expansion from 1.1.11 to 1.1.12 ( #498 )
...
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion ) from 1.1.11 to 1.1.12.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases )
- [Commits](https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.12 )
---
updated-dependencies:
- dependency-name: brace-expansion
dependency-version: 1.1.12
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-02 10:19:58 +02:00
dependabot[bot]
ca48102d58
chore(deps): bump semver from 7.7.1 to 7.7.2 ( #495 )
...
* chore(deps): bump semver from 7.7.1 to 7.7.2
Bumps [semver](https://github.com/npm/node-semver ) from 7.7.1 to 7.7.2.
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.7.1...v7.7.2 )
---
updated-dependencies:
- dependency-name: semver
dependency-version: 7.7.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: update generated content
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2025-08-01 19:29:12 +02:00
haya14busa
0931acf1f7
fix: support .config directory for goreleaser config files ( #500 )
...
* fix: support .config directory for goreleaser config files
Add support for .config/goreleaser.yaml and .config/goreleaser.yml
configuration files to match GoReleaser's official search order.
* run $ docker buildx bake build
2025-07-04 18:16:46 +00:00
CrazyMax
90c43f2c19
ci: set contents read as default workflow permissions ( #494 )
2025-03-30 23:00:02 +02:00
